OWASP / CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
https://cheatsheetseries.owasp.org
Creative Commons Attribution Share Alike 4.0 International

Update: LDAP Injection Prevention - LinqToLdap needs maintenance power #1417

Closed rklec closed 4 weeks ago

rklec commented 4 weeks ago

What is missing or needs to be updated?

https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html#safe-net-example currently suggests https://www.nuget.org/packages/LinqToLdap/ for C#. While this sounds good, it currently is not up-to-date with a good .NET base version, so it cannot be used in many modern projects for now. Also, obviously, an outdated library is possibly not a good suggestion.

How should this be resolved?

Best case would be to help upgrading the lib as in https://github.com/madhatter22/LinqToLdap/issues/31

For now, however, maybe a note like "(for .NET Framework 4.5 or lower)" could be added, possibly linking to the issue for maintenance/upgrade, to shed light on the problem.

jmanico commented 4 weeks ago

This is great information. Do you have time to cut a PR?